[midPoint] Unassigning a role

Radovan Semancik radovan.semancik at evolveum.com
Thu Jun 16 17:22:19 CEST 2016


Hi Florin,

I guess that the error is caused by this:

     Property modification operation:
       auxiliaryObjectClass
         ADD: {...resource/instance-3}top, 
{...resource/instance-3}person, {...resource/instance-3}organizationalPerson
         OLD: {...resource/instance-3}ldapPublicKey, 
{...resource/instance-3}inetUser, {...resource/instance-3}shadowAccount, 
{...resource/instance-3}posixAccount

I guess that the problem is, that midpoint tries to add "top" object 
class. Every LDAP object has to have "top" object class, so the existing 
object surely has it. The LDAP spec also specifies, that if the client 
tries to add a value which already exists in an attribute the LDAP 
server should respond with an error.

Probably the best fix would be to remove "top" from your auxiliary 
object class definitions. I mean this:

<auxiliaryObjectClass>ri:top</auxiliaryObjectClass>

Firstly, "top" is a structural object class, not auxiliary. Secondly, 
you usually does not need to manage the "top" object class at all. Most 
LDAP servers will be OK if you specify just the most concrete object 
class in the object class hierarchy and the server will automatically 
add the superclasses. Please see check the LDAP schema and leave only 
the auxiliary object classes in the <auxiliaryObjectClass> configuration 
property.

There are also alternative solutions by using permissive modify control 
in LDAP or by telling midpoint to explicitly filter out the duplicate 
values. Let me know if the fix with the "top" object class does not work 
for you (yet it should work) and I will provide more details about these 
methods.

-- 
Radovan Semancik
Software Architect
evolveum.com




On 06/10/2016 11:24 PM, Florin. Stingaciu wrote:
> Hello,
>
> So I'm attempting to upgrade from 3.3.1 to the latest build. Before 
> starting the tomcat server with the latest built, I applied this patch 
> to the DB server (http://pastebin.com/jZJtbtUT).
>
> Everything comes up fine, but when I try to unassign a role I get an 
> error. Here's all the relevant configuration, as well as the error 
> with the log level set to trace for the loggers you requested.
>
>   * Connector Schema Handling section (http://pastebin.com/j4UWFrBU).
>     In here there are the following
>       o Default account -- used for real People
>       o Service account -- used for service accounts
>       o User Group Possix Entitlement -- used for user groups that are
>         posix groups
>       o User Group Group of Names Entitlement -- used for user groups
>         that are group of names groups
>       o Service Groups Entitlement -- used for service groups
>       o Openstack Domains/Groups Entitlement -- used for Openstack groups
>   * This is the metarole assigned to the role I'm trying to unassign
>     from the user (http://pastebin.com/fhcXnDXE)
>      o
>
>       o the first twos inducements are of order one and creates two
>         LDAP groups, one posix and one group of names
>       o the second inducement is an order two inducement that create a
>         'default' account if the employee type is equal to 'user' and
>         associates the user with the two created groups
>       o the third inducement is an order two inducement that create a
>         'service' account if the employee type is equal to 'service'
>         and associates the user with the two created groups
>       o the fourth and fifth are both second order inducements that
>         generate a gid and uid for the user
>
>
> So I couldn't actually send you the TRACE level logs as there's a lot 
> of information in those logs, I'm not permitted to divulge on a 
> mailing list. Plus they were crazy huge. However, the DEBUG level seem 
> fine: http://pastebin.com/UXMDpsDr
>
> You can see from the logs that from some reason, when I unassign the 
> user from the role, it tries to modify the user and add a bunch of 
> auxiliary object classes that should've been already created.
>
> So I just checked the Shadow object for my user account and there's 
> only the following object classes:
>
>  <objectClass>ri:inetOrgPerson</objectClass>
>  <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
>  <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
>
> when there should've been all of the following:
>
> <objectClass>ri:inetOrgPerson</objectClass>
> <auxiliaryObjectClass>ri:ldapPublicKey</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:inetUser</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:organizationalPerson</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:person</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:posixAccount</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:shadowAccount</auxiliaryObjectClass>
> <auxiliaryObjectClass>ri:top</auxiliaryObjectClass>
>
> So I went back and started double checking all the shadows, from 
> before and all of them only have those five auxiliary object classes. 
> However, on my LDAP, the account has the full set of object classes:
>
> objectClass: inetOrgPerson
> objectClass: person
> objectClass: ldapPublicKey
> objectClass: inetUser
> objectClass: shadowAccount
> objectClass: organizationalPerson
> objectClass: posixAccount
> objectClass: top
>
> Meaning that the previous version of midpoint I was using did not 
> store more than those five auxiliary classes. I just created a brand 
> new user in this version of Midpoint and all of the classes were 
> stored in the shadow without any issues.
>
> I will be reverting back to the previous version for now, as I can't 
> use this version for now. Any ideas on how to resolve this going 
> forward would be great. Even if it's a hacky solution such as a delta 
> change for shadow objects that adds the extra aux classes for every 
> shadow that's on that resource.
>
> Thanks,
> -F
>
> On Wed, Jun 8, 2016 at 1:45 PM, Pavol Mederly <mederly at evolveum.com 
> <mailto:mederly at evolveum.com>> wrote:
>
>     Hello Florin,
>
>     I haven't experienced such an error message. It can be caused by a
>     midPoint fault or by a problem in your particular configuration.
>
>     You write that you get this error with today's and yesterday's
>     build. Do you think it worked well before? Or you didn't try at
>     that time?
>
>     Without any other clues, to complete diagnose your problem, it
>     would be necessary to see your configuration (resource config, and
>     all relevant roles), and the logs. As for the latter, it is best
>     to set model + provisioning to TRACE (with specific logging for
>     Clockwork and Projector either removed, or set to TRACE as well).
>
>     But maybe somebody else would have a better idea; unfortunately,
>     midnight is approaching here in Europe, so probably only tomorrow.
>
>     Best regards,
>
>     Pavol
>
>
>     On 08.06.2016 20:58, Florin. Stingaciu wrote:
>>     Hello again,
>>
>>     I updated to the latest version however, now I'm experiencing
>>     problems when trying to unassign a role from a user. It fails
>>     with the following stack trace:
>>
>>
>>     2016-06-08 18:51:09,702 [] [Thread-31] ERROR
>>     (com.evolveum.midpoint.provisioning.ucf.impl.IcfUtil): ICF
>>     Exception
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException
>>     in connector:c230c871-6f5b-4525-abee-d2905569b8df(ICF
>>     com.evolveum.polygon.connector.ldap.LdapConnector
>>     v1.4.3.0-SNAPSHOT):
>>     resource:a0741b12-c96d-491d-8213-ecad84ab490e(OpenLDAP Accounts
>>     Schema) while adding attribute values to object identified by ICF
>>     UID 'uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net':
>>     Error modifying LDAP entry
>>     uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
>>     [add:objectClass: top
>>     objectClass: person
>>     objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>>     org.identityconnectors.framework.common.exceptions.InvalidAttributeValueException:
>>     Error modifying LDAP entry
>>     uid=florin_stingaciu,ou=people,dc=mgmt,dc=symcpe,dc=net:
>>     [add:objectClass: top
>>     objectClass: person
>>     objectClass: organizationalPerson,]: attributeOrValueExists:  (20)
>>             at
>>     com.evolveum.polygon.connector.ldap.LdapUtil.processLdapResult(LdapUtil.java:440)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.processModifyResult(AbstractLdapConnector.java:923)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.modify(AbstractLdapConnector.java:914)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.ldapUpdate(AbstractLdapConnector.java:864)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.polygon.connector.ldap.AbstractLdapConnector.addAttributeValues(AbstractLdapConnector.java:804)
>>     ~[connector-ldap-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.UpdateImpl.addAttributeValues(UpdateImpl.java:129)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:98)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.DelegatingTimeoutProxy.invoke(DelegatingTimeoutProxy.java:99)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.identityconnectors.framework.impl.api.LoggingProxy.invoke(LoggingProxy.java:83)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at com.sun.proxy.$Proxy171.addAttributeValues(Unknown
>>     Source) ~[na:na]
>>             at
>>     org.identityconnectors.framework.impl.api.AbstractConnectorFacade.addAttributeValues(AbstractConnectorFacade.java:199)
>>     ~[connector-framework-internal-1.4.3.0-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:1791)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.ucf.impl.ConnectorInstanceIcfImpl.modifyObject(ConnectorInstanceIcfImpl.java:210)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.executeModify(ResourceObjectConverter.java:697)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ResourceObjectConverter.modifyResourceObject(ResourceObjectConverter.java:529)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ShadowCache.modifyShadow(ShadowCache.java:480)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.provisioning.impl.ProvisioningServiceImpl.modifyObject(ProvisioningServiceImpl.java:763)
>>     [provisioning-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.modifyProvisioningObject(ChangeExecutor.java:1265)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeModification(ChangeExecutor.java:1108)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta(ChangeExecutor.java:704)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeChanges(ChangeExecutor.java:294)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.processSecondary(Clockwork.java:507)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.click(Clockwork.java:336)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.lens.Clockwork.run(Clockwork.java:214)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at
>>     com.evolveum.midpoint.model.impl.controller.ModelController.executeChanges(ModelController.java:555)
>>     [model-impl-3.4-SNAPSHOT.jar:na]
>>             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>     Method) ~[na:1.7.0_101]
>>             at
>>     sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>     ~[na:1.7.0_101]
>>             at
>>     sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     ~[na:1.7.0_101]
>>             at java.lang.reflect.Method.invoke(Method.java:606)
>>     ~[na:1.7.0_101]
>>             at
>>     org.apache.wicket.proxy.LazyInitProxyFactory$JdkHandler.invoke(LazyInitProxyFactory.java:507)
>>     [wicket-ioc-7.1.0.jar:7.1.0]
>>             at com.sun.proxy.$Proxy146.executeChanges(Unknown Source)
>>     [na:na]
>>             at
>>     com.evolveum.midpoint.web.component.progress.ProgressReporter$1.run(ProgressReporter.java:188)
>>     [ProgressReporter$1.class:na]
>>             at java.lang.Thread.run(Thread.java:745) [na:1.7.0_101]
>>
>>     I just double checked and this seems to happen with both today's
>>     build and yesterday's build. It seems as even though I'm
>>     unassigning the user from a group it is trying to add an object
>>     class to the user DN
>>
>>     Thanks,
>>     -F
>>
>>
>>     On Tue, Jun 7, 2016 at 1:44 PM, Pavol Mederly
>>     <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>
>>         The problem with "Add members" was a misconfiguration in my
>>         test environment.
>>
>>         So, working with role members should be without problems;
>>         please let us know if not.
>>
>>         Best regards,
>>
>>         Pavol
>>
>>
>>         On 07.06.2016 22:36, Pavol Mederly wrote:
>>>
>>>         Hello Florin,
>>>
>>>         you are right. I was able to reproduce it here.
>>>
>>>         I fixed that, please try the latest master -
>>>         v3.4devel-1803-g0f5c22f.
>>>
>>>         (Besides that, I noticed some problems with "Add members"
>>>         function, so I'll continue testing it.)
>>>
>>>         Best regards,
>>>
>>>         Pavol
>>>
>>>
>>>         On 07.06.2016 20:54, Florin. Stingaciu wrote:
>>>>         Hey Pavol,
>>>>
>>>>         So I managed to update to the latest version, applied to DB
>>>>         patch, and also double checked that adding and removing
>>>>         inducements for roles works now. However, when I try to
>>>>         recompute all members (there's only one member), I get the
>>>>         following error stack:
>>>>
>>>>         2016-06-07 18:50:33,834 [] [midPointScheduler_Worker-8]
>>>>         ERROR
>>>>         (com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler):
>>>>         Recompute: Schema error while creating a search filter:
>>>>         Failed to convert query. Reason: No definition for item
>>>>         assignment/targetRef in POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>         com.evolveum.midpoint.util.exception.SchemaException:
>>>>         Failed to convert query. Reason: No definition for item
>>>>         assignment/targetRef in POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:134)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:113)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQuery(QueryJaxbConvertor.java:79)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.createQueryFromTask(AbstractSearchIterativeTaskHandler.java:451)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.sync.RecomputeTaskHandler.createQuery(RecomputeTaskHandler.java:108)
>>>>         ~[model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.runInternal(AbstractSearchIterativeTaskHandler.java:187)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.model.impl.util.AbstractSearchIterativeTaskHandler.run(AbstractSearchIterativeTaskHandler.java:155)
>>>>         [model-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeHandler(JobExecutor.java:479)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.executeSingleTask(JobExecutor.java:300)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.task.quartzimpl.execution.JobExecutor.execute(JobExecutor.java:164)
>>>>         [task-quartz-impl-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         org.quartz.core.JobRunShell.run(JobRunShell.java:213)
>>>>         [quartz-2.1.3.jar:na]
>>>>                 at
>>>>         org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:557)
>>>>         [quartz-2.1.3.jar:na]
>>>>         Caused by:
>>>>         com.evolveum.midpoint.util.exception.SchemaException: No
>>>>         definition for item assignment/targetRef in
>>>>         POD:{.../common/common-3}object
>>>>         {.../common/common-3}ObjectType[1,1],RAM
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseRefFilter(QueryConvertor.java:423)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:178)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseLogicalFilter(QueryConvertor.java:230)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseAndFilter(QueryConvertor.java:209)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:188)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilterInternal(QueryConvertor.java:151)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.parser.QueryConvertor.parseFilter(QueryConvertor.java:125)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 at
>>>>         com.evolveum.midpoint.prism.query.QueryJaxbConvertor.createObjectQueryInternal(QueryJaxbConvertor.java:124)
>>>>         ~[prism-3.4-SNAPSHOT.jar:na]
>>>>                 ... 11 common frames omitted
>>>>
>>>>
>>>>         Any help would be greatly appreciated.
>>>>
>>>>         Thanks,
>>>>         -F
>>>>
>>>>         On Thu, Jun 2, 2016 at 3:40 PM, Florin. Stingaciu
>>>>         <fstingaciu at mirantis.com <mailto:fstingaciu at mirantis.com>>
>>>>         wrote:
>>>>
>>>>             Yup, I checked and you can not add an inducement
>>>>             either. Also I believe some of the associations listed
>>>>             under the profile are wrong. I will write up a new
>>>>             email for that as well.
>>>>
>>>>             Meanwhile I reverted back to the original version. I
>>>>             will keep an eye out on the ticket.
>>>>
>>>>             Have a good night! Thanks for your prompt responses.
>>>>
>>>>             Thanks,
>>>>             -F
>>>>
>>>>             On Thu, Jun 2, 2016 at 3:37 PM, Pavol Mederly
>>>>             <mederly at evolveum.com <mailto:mederly at evolveum.com>> wrote:
>>>>
>>>>                 I think it is similar to this one:
>>>>                 https://jira.evolveum.com/browse/MID-3074.
>>>>
>>>>                 And I can see this wrong behavior also in my case.
>>>>                 This is unpleasant.
>>>>
>>>>                 We'll fix it soon, hopefully tomorrow. (Now it's
>>>>                 after midnight here... )
>>>>
>>>>                 Best regards,
>>>>
>>>>                 Pavol
>>>>
>>>>
>>>>                 On 03.06.2016 0:27, Florin. Stingaciu wrote:
>>>>>                 Hello again,
>>>>>
>>>>>                 I managed to get around this issue by actually
>>>>>                 applying the mysql-upgrade-3.3-3.4.sql patch.
>>>>>                 Everything came back up just fine, however now I'm
>>>>>                 running into a strange issue where I can not
>>>>>                 remove inducements from a role.
>>>>>
>>>>>                 For example: http://imgur.com/a/lWoKT
>>>>>
>>>>>                 The inducements stay there no matter how much I
>>>>>                 try to remove them. Is this a known issue in the
>>>>>                 current master?
>>>>>
>>>>>                 Thanks,
>>>>>                 -F
>>>>>
>>>>>
>>>>>
>>>>>                 On Thu, Jun 2, 2016 at 2:03 PM, Pavol Mederly
>>>>>                 <mederly at evolveum.com
>>>>>                 <mailto:mederly at evolveum.com>> wrote:
>>>>>
>>>>>                     Hello Florin,
>>>>>
>>>>>                     recently we changed the db schema a bit
>>>>>                     (because of MID-3061
>>>>>                     <https://jira.evolveum.com/browse/MID-3061>).
>>>>>
>>>>>                     So, please apply the corresponding migration
>>>>>                     script
>>>>>                     (config\sql\midpoint\3.4\<DBNAME>\<DBNAME>-upgrade-3.4-SNAPSHOT-*NNN*.sql).
>>>>>                     Which one - it depends on how old your
>>>>>                     existing master is. This particular problem is
>>>>>                     related to the latest one (numbered 6).
>>>>>
>>>>>                     An alternative is to set hbm2ddl parameter
>>>>>                     like this (in config.xml file in midpoint.home
>>>>>                     directory):
>>>>>
>>>>>                     <configuration>
>>>>>                     <midpoint>
>>>>>                     <repository>
>>>>>                     <hibernateHbm2ddl>*update*</hibernateHbm2ddl>
>>>>>                     ...
>>>>>
>>>>>                     (but this is recommended only for testing
>>>>>                     purposes, because some - but only very rare -
>>>>>                     changes are not correctly applied by hibernate
>>>>>                     itself)
>>>>>
>>>>>                     Best regards,
>>>>>
>>>>>                     Pavol
>>>>>
>>>>>
>>>>>                     On 02.06.2016 22:56, Florin. Stingaciu wrote:
>>>>>>                     Hello again,
>>>>>>
>>>>>>                     I'm having some troubles when rebuilding the
>>>>>>                     master. Here's the corresponding stack trace:
>>>>>>                     http://pastebin.com/TVUAKURb
>>>>>>
>>>>>>                     Also, I'm using SSO under apache with the
>>>>>>                     following ctx-web-security.xml file:
>>>>>>                     http://pastebin.com/rvs9cJDj
>>>>>>
>>>>>>                     Any ideas would be greatly appreciated.
>>>>>>
>>>>>>                     Thanks,
>>>>>>                     -F
>>>>>>
>>>>>>                     On Thu, Jun 2, 2016 at 11:36 AM, Florin.
>>>>>>                     Stingaciu <fstingaciu at mirantis.com
>>>>>>                     <mailto:fstingaciu at mirantis.com>> wrote:
>>>>>>
>>>>>>                         Thanks Pavel! I'll upgrade to the latest
>>>>>>                         and let you know how that works out.
>>>>>>
>>>>>>
>>>>>>                         On Wed, Jun 1, 2016 at 10:24 PM, Pavol
>>>>>>                         Mederly <mederly at evolveum.com
>>>>>>                         <mailto:mederly at evolveum.com>> wrote:
>>>>>>
>>>>>>                             Hello Florin,
>>>>>>
>>>>>>                             If I remember correctly, we've been
>>>>>>                             fixing this problem in master
>>>>>>                             (3.4-SNAPSHOT). It should be solved
>>>>>>                             in that branch.
>>>>>>
>>>>>>                             (If not, please drop a jira issue
>>>>>>                             with details how to reproduce, and
>>>>>>                             we'll certainly fix that.)
>>>>>>
>>>>>>                             Best regards,
>>>>>>
>>>>>>                             Pavol
>>>>>>
>>>>>>
>>>>>>                             On 02.06.2016 1:28, Florin. Stingaciu
>>>>>>                             wrote:
>>>>>>>                             Hello,
>>>>>>>
>>>>>>>                             I'm trying to recompute all members
>>>>>>>                             that are assigned a particuar role.
>>>>>>>                             I tried using the "Recompute All"
>>>>>>>                             (http://i.imgur.com/xLXjLwd.png)
>>>>>>>                             button in the "Members" section of a
>>>>>>>                             role. This launches a task that is
>>>>>>>                             successful however, it it does not
>>>>>>>                             process any objects.
>>>>>>>
>>>>>>>                             If I manually select the members I
>>>>>>>                             want and select "Recompute members"
>>>>>>>                             everything works just fine. Any ideas?
>>>>>>>
>>>>>>>                             Thanks,
>>>>>>>                             -F
>>>>>>>
>>>>>>>
>>>>>>>                             _______________________________________________
>>>>>>>                             midPoint mailing list
>>>>>>>                             midPoint at lists.evolveum.com
>>>>>>>                             <mailto:midPoint at lists.evolveum.com>
>>>>>>>                             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>>                             _______________________________________________
>>>>>>                             midPoint mailing list
>>>>>>                             midPoint at lists.evolveum.com
>>>>>>                             <mailto:midPoint at lists.evolveum.com>
>>>>>>                             http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>                     _______________________________________________
>>>>>>                     midPoint mailing list
>>>>>>                     midPoint at lists.evolveum.com
>>>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>                     _______________________________________________
>>>>>                     midPoint mailing list
>>>>>                     midPoint at lists.evolveum.com
>>>>>                     <mailto:midPoint at lists.evolveum.com>
>>>>>                     http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>                 _______________________________________________
>>>>>                 midPoint mailing list
>>>>>                 midPoint at lists.evolveum.com
>>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>                 _______________________________________________
>>>>                 midPoint mailing list
>>>>                 midPoint at lists.evolveum.com
>>>>                 <mailto:midPoint at lists.evolveum.com>
>>>>                 http://lists.evolveum.com/mailman/listinfo/midpoint
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>         _______________________________________________
>>>>         midPoint mailing list
>>>>         midPoint at lists.evolveum.com
>>>>         <mailto:midPoint at lists.evolveum.com>
>>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>>
>>>
>>>
>>>         _______________________________________________
>>>         midPoint mailing list
>>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>         _______________________________________________
>>         midPoint mailing list
>>         midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>         http://lists.evolveum.com/mailman/listinfo/midpoint
>>
>>
>>
>>
>>     _______________________________________________
>>     midPoint mailing list
>>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>     _______________________________________________
>     midPoint mailing list
>     midPoint at lists.evolveum.com <mailto:midPoint at lists.evolveum.com>
>     http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20160616/d12d1ca4/attachment.htm>


More information about the midPoint mailing list